통계 시그니쳐 기반의 응용 트래픽 분류

Statistic Signature based Application Traffic Classification

  • 박진완 (고려대학교 컴퓨터정보학과) ;
  • 윤성호 (고려대학교 컴퓨터정보학과) ;
  • 박준상 (고려대학교 컴퓨터정보학과) ;
  • 이상우 (고려대학교 컴퓨터정보학과) ;
  • 김명섭 (고려대학교 컴퓨터정보학과)
  • 발행 : 2009.11.30

초록

오늘날의 네트워크에서는 다양한 응용의 등장으로 인해 트래픽이 복잡 다양해지고 있다. 이러한 상황 속에서 트래픽의 응용 별 분류에 대한 중요성은 날이 갈수록 증가하고 있다. 트래픽의 응용 별 분류에 대한 요구에 따라 기존에도 많은 연구가 이루어졌었다. 포트 기반의 분류, 페이로드 기반의 분류, 머신러닝 기반의 분류 방법들이 제안되었는데 아직 트래픽을 완벽하게 분류해내는 방법론은 개발되지 않은 실정이다. 최근 연구 중에는 플로우의 통계 정보를 이용한 방법론이 많이 연구되고 있다. 본 논문에서는 통계 시그니쳐를 통한 응용 트래픽 분류 방법론을 제안하고자 한다. 플로우 중 첫 N개의 패킷의 페이로드 크기와 방향을 이용하여 통계 시그니쳐를 생성하고, 이를 이용하여 응용 트래픽을 분류한다. 그리고 검증 시스템을 통해 본 분류 방법론이 높은 정확도의 분류 방법론이라는 것을 보인다.

Nowadays, the traffic type and behavior are extremely diverse due to the appearance of various services and applications on Internet, which makes the need of application-level traffic classification important for the efficient management and control of network resources. Although lots of methods for traffic classification have been introduced in literature, they have some limitations to achieve an acceptable level of performance in terms of accuracy and completeness. In this paper we propose an application traffic classification method using statistic signatures, defined as a directional sequence of packet size in a flow, which is unique for each application. The statistic signatures of each application are collected by our automatic grouping and extracting mechanism which is mainly described in this paper. By matching to the statistic signatures we can easily and quickly identify the application name of traffic flows with high accuracy, which is also shown by comprehensive excrement with our campus traffic data.

키워드

참고문헌

  1. Myung-Sup Kim, Young J. Won, and James Won-Ki Hong, 'Application-Level Traffic Monitoring and an Analysis on IP Networks', ETRI Journal, Vol.27, No.1, pp.22-42, Feb., 2005 https://doi.org/10.4218/etrij.05.0104.0040
  2. Jeffrey Erman, Martin Arlitt, Anirban Mahanti, 'Traffic Classification Using Clustering Algorithms', Proc. of SIGCOMM Workshop on Mining network data, Pisa, Italy, pp.281-286, Sep., 2006
  3. Andrew W. Moore and Denis Zuev, 'Internet Traffic Classification Using Bayesian Analysis Techniques,' Proc. of the ACM SIGMETRICS, Banff, Canada, Jun., 2005
  4. Thomas Karagiannis, Konstantina Papagiannaki, and Michalis Faloutsos. 'BLINC: Multilevel Traffic Classification in the Dark,' Proc. of SIGCOMM 2005, Philadelphia, PA, Aug., 22-26, 2005
  5. IANA port number list, IANA, http://www.iana.org/assignments/port-numbers
  6. Jian Zhang and Andrew Moore, 'Traffic Trace Artifacts due to Monitoring Via Port Mirroring,' Proc. of the IEEE/IFIP Workshop on End-to-End Monitoring Techniques and Services (E2EMON) 2007, Munich, Germany, May., 21, 2007
  7. Liu, Hui Feng, Wenfeng Huang, Yongfeng Li, Xing 'Accurate Traffic Classification', Networking, Architecture, and Storage, 2007. NAS 2007. International Conference
  8. Risso, F. Baldi, M. Morandi, O. Baldini, A. Monclus, P. Lightweight, Payload-Based Traffic Classification: An Experimental Evaluation. In proceeding of Communications, 2008. ICC '08. IEEE International Conference, 2008
  9. L.Bernaille, R. Teixeira, I. Akodkenou, A.Soule, and K.Salamatian. 'Traffic classification on the fly'. SIGCOMM Comput.Commun. Rev., 2006 https://doi.org/10.1145/1129582.1129589
  10. Bernaille, L., Teixeira, R., Salamatian, K.: Early application identification. In: CoNext 2006. Conference on Future Networking Technologies., 2006
  11. Byung-Chul Park, Young J. Won, Myung-Sup Kim, James W. Hong, 'Towards Automated Application Signature Generation for Traffic Identification,' Proc. of the IEEE/IFIP Network Operations and Management Symposium (NOMS) 2008, Salvador, Bahia, Brazil, pp.160-167, April, 7-11, 2008
  12. Rentao Gu, Minhuo Hong, Hongxiang Wang, and Yuefeng Ji, 'Fast Traffic Classification in High Speed Networks' Proc. of the Asia-Pacific Network Operations and Management Symposium (APNOMS) 2008, LNCS 5297, Beijing, China, pp.429-432, Oct., 22-24, 2008
  13. Ying-Dar Lina, Chun-Nan Lua, Yuan-Cheng Laib, Wei-Hao Penga and Po-Ching Lina, 'Application classification using packet size distribution and port association' Proc. of the Journal of Network and Computer Applications, In Press, Corrected Proof, Available online, March, 20. 2009 https://doi.org/10.1016/j.jnca.2009.03.001
  14. Huifang Feng, Yantai Shu, 'Statistical Analysis of Packet Interarrival Times in Wireless' Proc. of the Wireless Communications, Networking and Mobile Computing, 2007. WiCom 2007. International Conference, Shanghai, China, pp.1888-1891, Sept., 21-25, 2007 https://doi.org/10.1109/WICOM.2007.473
  15. Jacobus van der Merwe, Ramon Caceres, Yang-hua Chu, and Cormac Sreenan 'mmdump - A Tool for Monitoring Internet Multimedia Traffic,' ACM Computer Communication Review, 30(4), October, 2000 https://doi.org/10.1145/505672.505678
  16. Hun-Jeong Kang, Myung-Sup Kim, and James Won-Ki Hong, 'Streaming Media and Multimedia Conferencing Traffic Analysis Using Payload Examination,' ETRI Journal, Vol.26, No.3, pp.203-217, Jun., 2004 https://doi.org/10.4218/etrij.04.0103.0052
  17. Y.J. Won, B.C. Park, H.T. Ju, M.S. Kim, and J. W. Hong. A hybrid approach for accurate application traffic identification. In IEEE/IFIP E2EMON, April, 2006